ByteBufferPool Leak in Eclipse Jetty SslConnection

ByteBufferPool Leak in Eclipse Jetty SslConnection

CVE-2022-2191 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

Learn more about our Web Application Penetration Testing UK.